ACL Questions

Go to solution
PeteM1
Tera Contributor

‎01-28-2023 02:34 PM

So, I am having an issue understanding SN ACLs. I have two 'Edit' ACL's for a table. One that allows for creating but not editing of records for two roles (teammembers and requesters). This seems to work as designed. However, when I add an additional ACL write rule (shown below) selecting * in the fields field, it no longer allows the requesters to create records. I thought, how I have it set up it would ONLY impact the teammembers role, however that doesn't seem to be the case. With that, I am having a difficult time understanding why the requesters role is impacted. 

 

Any thoughts (and or good tutorials) would be appreciated. Thank you. 

 

PeteM1_0-1674944490226.png

 

0 Helpfuls
  • 909 Views
1 ACCEPTED SOLUTION

Go to solution
Basheer
Mega Sage

‎01-28-2023 11:15 PM

Hi @PeteM1 ,

There is slight confusion in your below statements.

One that allows for creating but not editing of records for two roles (teammembers and requesters) ---> It meas both roles are able to create but not edit.

However, when I add an additional ACL write rule (shown below) selecting * in the fields field, it no longer allows the requesters to create records. ---> In the above statement you've mentioned both roles are able to create records. Do you mean create records or edit records in this statment as highilghted? In my understanding you are saying edit records instead of create records. I'm I correct?

 

If my understanding is correct, then what ever you've configured is working fine because the edit access you've given only to the team members role not the requester role.

 

If my understanding is wrong, then what ever you've configured is working fine here as well in this case because without giving edit access to the columns how could a role create the records?

 

You need to write something like this to work this out in your 2nd ACL. Change the below script according to your business logic.

if((gs.hasRole("teamMember") || gs.hasRole("Requestor")) && current.isNewRecord()){
answer = true;
}
else if(gs.hasRole("requestor")  && !current.isNewRecord){
answer = true;
}
else
{
answer = false;
}

 

 

 

 

Please hit like button if my suggestion has helped you in any way.
Please mark correct if my response has solved your query.

Cheers,
Mohammed Basheer Ahmed.

View solution in original post

3 REPLIES 3

Go to solution
Basheer
Mega Sage

‎01-28-2023 11:15 PM

Hi @PeteM1 ,

There is slight confusion in your below statements.

One that allows for creating but not editing of records for two roles (teammembers and requesters) ---> It meas both roles are able to create but not edit.

However, when I add an additional ACL write rule (shown below) selecting * in the fields field, it no longer allows the requesters to create records. ---> In the above statement you've mentioned both roles are able to create records. Do you mean create records or edit records in this statment as highilghted? In my understanding you are saying edit records instead of create records. I'm I correct?

 

If my understanding is correct, then what ever you've configured is working fine because the edit access you've given only to the team members role not the requester role.

 

If my understanding is wrong, then what ever you've configured is working fine here as well in this case because without giving edit access to the columns how could a role create the records?

 

You need to write something like this to work this out in your 2nd ACL. Change the below script according to your business logic.

if((gs.hasRole("teamMember") || gs.hasRole("Requestor")) && current.isNewRecord()){
answer = true;
}
else if(gs.hasRole("requestor")  && !current.isNewRecord){
answer = true;
}
else
{
answer = false;
}

 

 

 

 

Please hit like button if my suggestion has helped you in any way.
Please mark correct if my response has solved your query.

Cheers,
Mohammed Basheer Ahmed.

Go to solution
PeteM1
Tera Contributor

‎01-29-2023 03:14 PM

@Basheer - thank you very much for the response. Yes, you did understand correctly. As for the first part, the user could create the record, but the fields were disabled...so they could not add content. I apologize for my sloppy writing - I was getting a bit frustrated. In any event, I did what you suggested and 'beefed up' the if statement in the ACL and along with a query business rule - I was able to get the desired outcome. Again, thank you for your detailed response.

0 Helpfuls

Go to solution
kiwi07
Tera Contributor

‎02-02-2023 11:22 PM

is there a way in ACL where if i have 10 records in a table i can show 5 to user X and 5 to user Y ?

 

0 Helpfuls